I. INTRODUCTION

In response to the Office Action dated October 6, 2003, claims 3, 16, 17, 32, 33, 47,
48, 55, 78, 79, 88 have been cancelled, claims 1, 4, 5, 18, 19, 35, 54, 56, 61, 71, 77, and 86
have been amended. Claims 1, 2, 4-15, 18-31, 34-46, 49-54, 56-77, 80-87, and 89 remain in
the application. Re-examination and re-consideration of the application, as amended, is
requested.

II. CLAIM AMENDMENTS

Applicants' attorney has made amendments to the claims as indicated above. These
amendments were made solely for the purpose of clarifying the language of the claims, and
were not required for purposes of patentability.

III. OFFICE ACTION OBJECTIONS 

In the Applicants' form 1449, the Examiner noted "need English" in connection
with the recitation of document number EP 0 791 877 A1, but did not indicate that the
reference was not considered. Pursuant to M.P.E.P. § 709, the Applicants state that this
reference is considered "relevant" solely because it was cited in the search report of the related
PCT application. To assist the Examiner, however, the Applicants also hereby submit an
equivalent version of the reference (EP 0 791 877 B1), which includes an English translation
of the claims, and a machine-translated version of the text of the EP 0 791 877 B1 reference.



IV. THE CITED REFERENCES AND THE SUBJECT INVENTION 
A. The Rallis Reference 
U.S. Patent No. 6,425,084, issued July 23, 2002 to Rallis et al., discloses a notebook
security system using infrared key that prevents unauthorized use of a computer. A program
resident on the computer implements a user-validation procedure. An IR key device carries a
first serial number and an encryption key. A second serial number corresponds to a device
internal to the computer. A mass storage device installed in the computer stores a validation
record that includes an unencrypted portion and an encrypted portion, the unencrypted
portion including a copy of the first serial number and the encrypted portion including a
copy of said second serial number and a user personal identification number. The key device
is coupled and interfaced with an infrared port on the computer by the user. The first serial
number and the encryption key are read from the key device in order to gain authorized use
of the computer. The key device may be decoupled from the computer after authorized use
of the computer has been gained, and during operation of the computer.

B. The Subject Invention 

The Applicants' invention is a compact, self-contained, personal key that permits
storage of sensitive private user data, and prevents this data from being provided to the host
computer without affirmative user authorization. The personal key comprises a processor
which provides the host processing device conditional access to data storable in the memory
as well as the functionality required to manage files stored in the personal key and for
performing computations based on the data in the files. In one embodiment, the personal
key also comprises an integral user input device and an integral user output device. The
input and output devices communicate with the processor by communication paths which
are independent from the USB-compliant interface, and thus allow the user to communicate
with the processor without manifesting any private information external to the personal key.

C. Differences Between the Subject Invention and the Cited References

The Rallis reference is directed to a key that is used to prevent unauthorized use of a
notebook computer. When the notebook is powered up, the user is prompted to connect a
key to one of the available input ports (a USB port, a PS/2 port, or an IrDA port). If the
proper key is coupled to the port, the notebook uses data provided by the key and an
optional PIN entered into the notebook to unlock the notebook computer.

The Applicants' invention, as described in the above claims, is not directed to
preventing unauthorized access to a host computer. Instead, it is directed to the storage and
retrieval of user sensitive data, and to protecting this data so that the data is not provided to
the host computer or anywhere else unless the token receives an affirmative input
authorizing the token to provide the data. The Rallis "key" does not store user private data
such as passwords and the like ... it stores a serial number and an encryption key, both of
which are set by the manufacturer:

The key device serial number and encryption key, usually a large prime number, are loaded into
the key device 20 by the manufacturer. (col. 3, lines 27-29)

In the many embodiments described and claimed, the Applicants' invention
provides for an integrated user input device for accepting the user input authorizing access
to the sensitive data (thus preventing tampering), and an integrated user output device,
which signals that access to the sensitive user data stored in the token is being requested and
prompts the user to authorize such access.

The Rallis reference does not disclose a user input device signaling authorization of a
processor operation authorizing access to the sensitive user data. When the Rallis key is
coupled to the notebook, the serial number and encryption key are exchanged, no user
authorization is necessary and no user authorization is performed.

The Rallis reference also does not disclose that this user input device is
communicatively coupled to the token's processor by a path distinct from the USB-compliant
interface. The only user input devices that are arguably coupled to the token's
processor using a path distinct from the USB-compliant interface are the fingerprint sensor
28 and a transmit switch. The fingerprint sensor 28, however, is not used to signal
authorization of access to the user's sensitive information. Instead, the fingerprint sensor
simply reads fingerprint data and provides that data to the notebook computer for
processing and comparison. Likewise, the transmit switch does not signal authorization of
access to the user's sensitive information. At best, it simply saves power so that the key's IR
circuits are not activated until the stored serial number and encryption key is required to be
transmitted to the notebook computer. Further, the depression of the switch is not in
response to a message received in the token from the host processing device via the
USB-compliant interface invoking the processor operation.

Finally, different embodiments of the Applicants' invention include the use of an
integral user output device signaling that access to the user's sensitive data is required. This
prevents the user from unknowingly providing access to such information, and serves as a
prompt for the user to use the input device described above to signal authorization of such
access. With these important differences in mind, please consider the Applicants' remarks
below.






V. OFFICE ACTION PRIOR ART REJECTIONS 

In paragraphs (1)-(2), the Office Action rejected claims 1-9, 13-25, 29-40, 44-50, 53-57,
60-63, 65-67, and 71-89 under 35 U.S.C. § 102(e) as unpatentable over "Rallis" (which
"Rallis" reference is unclear, as addressed below). The Applicants respectfully traverse these
rejections.

At the outset, the Applicants note that the Office Action's form PTO-892 recites
three patents that are issued to Rallis et al., including U.S. Patent 6,425,084, U.S. Patent
6,189,099, and U.S. Patent No. 6,401,205. Unfortunately, the Office Action does not
indicate which of the three "Rallis" references is relied upon in rejecting the Applicants'
claims. As far as the Applicants can ascertain, the reference that best correlates with the
Office Action's arguments is U.S. Patent 6,425,084. The Applicants have therefore
addressed their comments accordingly. Should the Examiner have intended to reference a
different "Rallis" reference than that which is addressed herein by the Applicants, the
Examiner is invited to contact the Applicants' attorney, Victor G. Cooper, directly to discuss
the patentability of the Applicants' claims in view of the Rallis references.

With Respect to Claim 1: Claim 1 recites:

"A compact personal token, comprising ... a user input device, communicatively coupled to the
processor by a path distinct from the USB-compliant interface, for accepting an input...".

According to the Office Action, the foregoing features are disclosed in the Rallis
reference as follows:

A program running on the notebook computer 10 uses the key device serial number and the
encryption key, along with a Personal Identification Number (PIN), in a user-validation procedure
to prevent operation (i.e. power-up) of the note book computer 10 by an unauthorized user. (col. 2,
lines 62-67).

and in FIG. 1A, as reproduced below:

[FIG. 1A of the Rallis reference; image not reproduced]

The Applicants respectfully disagree. The foregoing portions of the Rallis reference
appear to disclose little more than a user-validation procedure, and Rallis itself expressly
teaches a "key device" that has "no external controls" (see col. 2, lines 46-47).

The Rallis reference does disclose a fingerprint reader 28, which reads fingerprint
data and provides the data to the notebook for processing instead of the serial number and
encryption key data:

As an alternative to serial number and encryption key data, the key device 20 can include special
security features, such as a fingerprint-reader 28 (FIG. 5C), or a "smartcard" reader that senses
data on a "smartcard" 29 (FIG. 5D), to generate key data. This data is forwarded by the key device
20 to the user-validation program in a manner identical to the transmission of serial number and
encryption key data. (col. 5, lines 14-21).

and also discloses an IR embodiment which uses a switch depression to transmit the key
serial number and encryption key (presumably, to conserve key power):

When prompted by the user-validation program, the user aligns the IR key device 21 with the IR
port 16 and depresses the switch 25 within the allotted time period (e.g. 30 seconds). The IR key
device 21 transmits a message that includes the key device serial number and the encryption key
using the Ultra Protocol as established by the Infrared Data Association (IrDA). (col. 5, lines 51-57)

However, claim 1 recites that the accepted user input is "for processing by the processor to
signal authorization of a processor operation providing access to the user private data" and that the input
is provided "in response to a message received in the token from the host processing device via the
USB-compliant interface invoking the processor operation". Rallis teaches that the fingerprint data is
transmitted to the notebook for processing instead of performing the processing in the
token processor. Fingerprint input likewise does not signal authorization of a processor
operation providing access to user private data ... the fingerprint data is simply transmitted to
the notebook computer. And neither fingerprint data nor the depression of the transmit
switch is provided in response to a message received in the token from the host processing
device via the USB-compliant interface. For all of these reasons, the Applicants
respectfully traverse the rejection of claim 1.

With Respect to Claims 18-19: Claim 18 recites the step of:

"processing the user input in the processor to authorize the processor operation"

The Applicants traverse this rejection, because as pointed out above with respect to
claim 1, nothing in the Rallis reference teaches (1) accepting a command in the token
invoking a processor operation via a USB interface, (2) accepting a user input signaling
authorization of that operation and providing the user input to a processor via a path distinct
from the USB-compliant interface, and processing the user input in the processor to authorize
the invoked token processor operation.

Claim 19 recites the features of claim 18 and is patentable on the same basis. Claim
19 also recites features rendering it even more remote from the Rallis reference. Rallis, for
example, does not disclose determining if a processor (token processor) requires access to
private data stored in the token, and prompting the user to authorize the operation via an
output device. The Office Action indicates that "access to private data is secured, because
only the authorized user with the Pin can access the host computer system", but claim 19
recites that the process requires access to the private data stored in the token, not in the host
computer.

With Respect to Claim 35: Claim 35 recites the steps of:

accepting a command in the token invoking a processor operation via the USB-compliant
interface;

determining, in the token, if the processor operation requires access to the private data
stored in the token;

prompting the user to authorize the processor operation via an output device
communicatively coupled to the processor by a path distinct from the USB-compliant interface if the
processor operation requires access to a private data stored in a memory in the token;

accepting a user input signaling authorization of the processor operation via an input device;
and

providing the user input to the processor via a communication path distinct from the
USB-compliant interface

The Rallis reference does not disclose accepting a command in the token invoking a
processor operation via a USB-compliant interface, or determining, in the token, if the
processor operation requires access to the private data stored in the token. The Rallis
reference likewise does not disclose accepting user input via a communication path distinct
from the USB-compliant interface. Accordingly, the Applicants respectfully traverse the
rejection of claim 35.

With Respect to Claim 49: Claim 49 recites a token having a processor for providing
the host processing device conditional access to store and retrieve data storable in the
memory, the data including personal identification private to the user, and a user input
device, communicatively coupled to the processor by a path distinct from the
USB-compliant interface, for accepting a user input describing the personal identification.

The fingerprint embodiment of the Rallis reference reads the user's fingerprint and
provides that fingerprint data from the key 20 to the notebook computer for processing. No
conditional access is provided ... Rallis teaches that the personal information is provided
when the person grabs the key. The transmit switch does not accept user input describing the
personal identification. For the foregoing reasons, the Applicants respectfully traverse the
rejection of claim 49.

With Respect to Claims 54-55: Claim 54 recites the steps of:

determining if the processor operation requires access to the personal identification storable in a
memory of the token; and

determining if the personal identification is stored in the memory of the token; and

prompting the user to enter a personal identification if the processor operation requires access to the
personal identification and the personal identification is not stored in the memory of the token

The Rallis reference does not teach any of these foregoing features. Rallis simply
provides a serial number or an encryption key (or in an alternative embodiment, fingerprint
data) to the notebook for further processing. Further, while Rallis teaches prompting the
user to connect the key:

A program that is automatically invoked at computer power-up, or reset, implements the
user-validation procedure. The user is prompted to connect the key device to the computer. In the
preferred embodiment, the user is prompted to enter a PIN, although the system can be configured
to operate without manual PIN entry. (col. 1, lines 59-64)

A flow diagram of the user-validation procedure is shown in FIG. 3. In Step 1, the user-validation
program prompts the user to attach the key device 20 to the notebook computer 10. The program
attempts to communicate with the key device 20 for a fixed delay period. If a key device 20 is not
detected within this period, then the program proceeds to Step 11 where the computer is
automatically powered down. In Step 2, the program reads the key device serial number and
encryption key that are stored in the key-device ROM 24. The key device serial number and
encryption key, usually a large prime number, are loaded into the key device 20 by the
manufacturer. (col. 3, lines 17-28)

teaches prompting the user to enter a PIN:

In Step 5, user-validation program prompts the user to enter a PIN. The PIN consists of a string
of six to eight characters. In Step 6, the program compares the PIN to the corresponding number
stored in field 2 of the decrypted validation record. If the numbers do not match, the program
moves to Step 11. If the system is configured to operate without the manual entry of a password or
PIN, Steps 5 and 6 are bypassed. (col. 4, lines 13-20)

and teaches prompting the user to position an IR key device with the IR port of the 
notebook: 

When prompted by the user-validation program, the user aligns the IR key device 21 with the IR
port 16 and depresses the switch 25 within the allotted time period (e.g. 30 seconds). The IR key
device 21 transmits a message that includes the key device serial number and the encryption key
using the Ultra Protocol as established by the Infrared Data Association (IrDA). (col. 5, lines 51-57)

After the user-validation program prompts the user to align the IR key device 21 with the IR port
16, it transmits a command message containing a "super key" access code number. (col. 6, lines
10-13)

However, the Rallis reference does not teach determining if personal identification is
required, if personal identification is stored in the token, and if it is not, prompting the user
to enter the personal identification. Accordingly, the Applicants respectfully traverse the
rejection of claim 54.

With Respect to Claims 61 and 71: Claim 61 recites that the user input device
signals authorization of a processor operation. As described above, the "user input" data of
the Rallis reference is fingerprint data that is simply forwarded to the notebook computer for
further processing. The fingerprint data is not used to authorize a processor operation in the
token itself. Claim 61 also recites that the user input device signals authorization of a
processor operation invoked by a message received in the token via the USB-compliant
interface. These features are likewise not disclosed in the Rallis reference.

Claim 71 recites the step of accepting "a user input to control the processor operation
via an input device." The Rallis "user input" (fingerprint data) does not control the
operation of the key's processor. Instead, the data is simply read and provided to the
notebook computer for analysis. Further, the depression of the transmit switch does not
control a processor operation invoked by a command accepted in the token via the
USB-compliant interface. In fact, the Rallis reference itself teaches a key with no external controls
(see col. 2, lines 46-48). Accordingly, the Applicants respectfully traverse the rejection of
claim 71.

With Respect to Claim 77: Claim 77 recites a token having a user output device for
providing an indication of a data signal from the USB-compliant interface. Nothing in the
Rallis reference discloses this limitation. Accordingly, the Applicants respectfully traverse
this rejection.

With Respect to Claim 80: Claim 80 recites a compact personal token comprising a
user output device. The "key" disclosed in the Rallis reference does not include a user
output device. Accordingly, claim 80 is allowable over the Rallis reference.

With Respect to Claims 2, 23, and 38: Claims 2, 23, and 38 recite the features of
independent claims 1, 18, and 35, respectively and are patentable for the same reasons.
Claim 23 also recites the features of claims 19 and 20 (discussed further below) and is
patentable for those reasons as well.

With Respect to Claims 9 and 19: Claim 9 recites the features of claim 7
(including an output device communicatively coupled to the processor by a second path
distinct from the USB-compliant interface). The Rallis reference fails to disclose such an
output device and is patentable on this basis alone.

Claim 19 recites that the user is prompted to authorize the processor operation if the
operation requires access to private data stored in the memory. As described above, Rallis
fails to disclose these features.

With Respect to Claim 4: Claim 4 recites that the user private data is designated as
requiring authorization before access by an associated identification stored in the token's
memory. According to the Office Action, the foregoing features are disclosed as follows:

The user is prompted to connect the key device to the computer. In the preferred embodiment, the
user is prompted to enter a PIN, although the system can be configured to operate without manual
PIN entry. The procedure permits entry past a first security level only if the key device serial
number matches the unencrypted numbers in the validation record. (col. 1, lines 62-67)

and 

A program running on the notebook computer 10 uses the key device serial number and the
encryption key, along with a Personal Identification Number (PIN), in a user-validation procedure
to prevent operation (i.e. power-up) of the note book computer 10 by an unauthorized user. (col. 2,
lines 62-66)

The Applicants respectfully disagree that the foregoing discloses designating
anything analogous to private data as requiring authorization before access by the token's
processor.

With Respect to Claims 5, 24, 39, 53, 60, 65, and 73: Claims 5, 24, 39, and 73 recite
the features of the claims they depend upon, and are patentable for the same reasons.
Claims 53 and 60 recite two pressure sensitive devices actuatable from the exterior side of
the token. According to the Office Action, this is disclosed as follows:

Ideally, the IR key device 21 is of such shape and size as to be placed on the user's key chain. It is
self-powered and in its basic configuration, as shown in FIG. 6B, includes an IR transmitter 27
and a momentary transmit switch 25, in addition to a microprocessor and ROM (not shown). (col.
5, lines 46-50)

Plainly, two pressure sensitive devices are not disclosed, and hence, claims 53 and 60
are allowable over Rallis.

With Respect to Claims 6, 25, 40, and 66: Claims 6, 25, 40, and 66 recite the features
of the claims they depend upon and are patentable for the same reasons.

With Respect to Claims 7, 56, 74, and 88: The portion of the Rallis reference relied
upon by the Office Action:

A program that is automatically invoked at computer power-up, or reset, implements the
user-validation procedure. The user is prompted to connect the key device to the computer. In the
preferred embodiment, the user is prompted to enter a PIN, although the system can be configured to
operate without manual PIN entry. The procedure permits entry past a first security level only if the
key device serial number matches the unencrypted numbers in the validation record. If the first-level
validation is successful, the procedure then uses the encryption key to decrypt the hard drive serial
number and PIN found in the stored validation record. The procedure permits entry past the second
security level only if the validation record is properly decrypted, the installed hard disk serial number
matches the decrypted number, and the manually-entered PIN matches the decrypted PIN. A failure
at any step in the user-validation procedure will immediately power down the computer, thereby
rendering it useless to a thief not possessing the required key device.
(col. 1, line 60 through col. 2, line 7)

fails to disclose an output device communicatively coupled to the token processor by a path
independent from the USB-compliant interface. Accordingly, the Applicants respectfully
traverse the rejection of claim 7. Claim 88 is allowable for analogous reasons.

Claims 56 and 74 recite prompting the user to enter the personal identification
number or control the processor operation via a path distinct from the USB-compliant
interface. These features are also not disclosed in Rallis.

With Respect to Claims 8, 21, 36, and 75: Claim 8 recites that the input device and
output devices paths are a common path. According to the Office Action, this is disclosed
as follows:

The procedure permits entry past a first security level only if the key device serial number matches the
unencrypted numbers in the validation record. If the first-level validation is successful, the procedure
then uses the encryption key to decrypt the hard drive serial number and PIN found in the stored
validation record. The procedure permits entry past the second security level only if the validation
record is properly decrypted, the installed hard disk serial number matches the decrypted number, and
the manually-entered PIN matches the decrypted PIN. A failure at any step in the user-validation
procedure will immediately power down the computer, thereby rendering it useless to a thief not
possessing the required key device. (col. 2, lines 3-10)

The Applicants respectfully disagree and therefore traverse this rejection. Claims 21,
36, and 75 recite analogous limitations and are patentable for the same reasons.

With Respect to Claims 13, 29, 44: Claim 13 recites that the output device provides
an alphanumeric message. According to the Office Action, this feature is disclosed as
follows:

The user is prompted to connect the key device to the computer. In the preferred embodiment, the
user is prompted to enter a PIN, although the system can be configured to operate without manual
PIN entry. (col. 1, lines 61-63)

However, the user prompt is performed by the notebook computer, which is not
communicatively coupled by a second path distinct from the USB compliant interface as
required by claim 7. Claims 29 and 44 are patentable for analogous reasons.

With Respect to Claims 14, 30, and 45: According to the Office Action, the Rallis
reference discloses that the alphanumeric message identifies the processing operation at (col.
1, lines 64-67 and col. 2, lines 1-7). The Applicants can ascertain no such disclosure, and
therefore traverse the rejection of these claims as well.

With Respect to Claims 15, 31, and 46: Claim 15 recites that the alphanumeric
message recites a private key. According to the Office Action, this feature is disclosed in
Rallis as follows:

A program that is automatically invoked at computer power-up, or reset, implements the
user-validation procedure. The user is prompted to connect the key device to the computer. In the
preferred embodiment, the user is prompted to enter a PIN, although the system can be configured to
operate without manual PIN entry. The procedure permits entry past a first security level only if the
key device serial number matches the unencrypted numbers in the validation record. If the first-level
validation is successful, the procedure then uses the encryption key to decrypt the hard drive serial
number and PIN found in the stored validation record. The procedure permits entry past the second
security level only if the validation record is properly decrypted, the installed hard disk serial number
matches the decrypted number, and the manually-entered PIN matches the decrypted PIN. A failure
at any step in the user-validation procedure will immediately power down the computer, thereby
rendering it useless to a thief not possessing the required key device.
(col. 1, line 60 through col. 2, line 7)

The foregoing does not disclose presenting an alphanumeric message reciting a
private key. Accordingly, the Applicants traverse the rejection of claim 15. Claims 31 and 46
are patentable for analogous reasons.

With Respect to Claims 16-17, 32-33, and 47-48: Rallis discloses none of the
features cited in the foregoing claims. However, claims 16-17, 32-33, and 47-48 have been
canceled to streamline prosecution of the present application.

With Respect to Claim 20: The Office Action alleges that FIG. 1A above discloses
an output device communicatively coupled to the token processor by a second
communication path distinct from the USB-compliant interface. The Applicants respectfully
disagree.

With Respect to Claims 22 and 37: The Office Action alleges that col. 1, lines 61
through col. 2, line 10 of the Rallis reference discloses steps describing if a token processor
requires access to a private key stored in the token. The Applicants respectfully disagree and
traverse this rejection.

With Respect to Claims 50 and 57: Claims 50 and 57 recite that the token include a
user input device that is a character input device. This feature is not even remotely
suggested by Rallis. Accordingly, the Applicants traverse this rejection as well.

With Respect to Claim 62: Claim 62 recites:

a processor, communicatively coupled to the memory and communicatively coupleable to the
host processing device via the USB-compliant interface, the processor for providing the host processing
device conditional access to user private data storable in the memory; and
a user input device, communicatively coupled to the processor by a path distinct from the
USB-compliant interface, the user input device for signaling authorization of a processor operation invoked
by a message received in the token via the USB-compliant interface.

For the reasons described above with respect to claim 1, the Applicants respectfully
traverse this rejection.

With Respect to Claims 63, 72, 83, and 87: Claim 63 recites that the operation
performed by the token processor is selected from the group comprising an encryption
operation and a decryption operation. According to the Office Action, this is disclosed at
col. 1, lines 1-10 of the Rallis reference. The Applicants respectfully disagree, as the "key" in
the Rallis disclosure does not encrypt or decrypt anything ... it simply transmits encrypted
information. The analysis with respect to claims 72, 83, and 87 is analogous.

With Respect to Claims 76, 84, and 89: Claim 74 recites that the output device is
selected from the group comprising an LED, LCD, or an aural reproduction device. The
Office Action indicates that these features have already been addressed, but the Applicants
disagree. Plainly, the Rallis reference does not disclose a token having an LED, LCD, or an
aural reproduction device. The analysis of claims 84 and 89 is analogous.

With Respect to Claims 56 and 81: Claim 56 recites that the step of prompting the 
user to enter the personal identification number comprises the step of activating a user 
output device via a second communication path distinct from the USB-compliant interface. 
The Office Action indicates that this is disclosed as follows: 

In the "super key" configuration, the IR key device 21 includes both an IR transmitter and IR 
receiver, but does not include a transmit switch. The IR key device 21 remains in the powered-down 
state until it receives an IR pulse. After the user-validation program prompts the user to align the IR 
key device 21 with the IR port 16, it transmits a command message containing a "super key" access 
code number. The access code procedure requires the IR key device 21 to verify receipt of a matching 
code number before it will output the serial number and encryption key data. Preferably, the access 
code "hops", or changes, each time the IR key device 21 is accessed. If the IR key device 21 verifies 
a match between the received access code and a number stored within the device, it transmits a 
response message containing the key device serial number and the encryption key. (col. 6, lines 7-22). 

The Applicants traverse this rejection. The foregoing does not disclose activating a 
user output device via a second communication path distinct from the USB-compliant 
interface. Claim 81 is allowable for analogous reasons. 

With Respect to Claim 82: Claim 82 recites that the output device is configured to 
indicate the operation of the processor. As described above, this is not disclosed in the 
Rallis reference. 

With Respect to Claims 67 and 85: Claims 67 and 85 are allowable for the same 
reasons as claim 82. 

With Respect to Claim 86: Claim 86 recites: 

A method of authorizing access to private data stored in a token having a processor 
communicatively coupled to a host processor via a Universal Serial Bus (USB) interface, comprising 
the steps of: 

accepting a command in the token invoking a processor operation via the USB-compliant 
interface; and 

signaling the processor operation via a user output device communicatively coupled to the 
processor via a communication path distinct from the USB-compliant interface. 

According to the Office Action, these features are disclosed as follows: 

The user is prompted to connect the key device to the computer. In the preferred embodiment the 
user is prompted to enter a PIN, although the system can be configured to operate without manual 
PIN entry. The procedure permits entry past a first security level only if the key device serial 
number matches the unencrypted numbers in the validation record. (col. 1, lines 62-67) 

and 

A program running on the notebook computer 10 uses the key device serial number and the 
encryption key, along with a Personal Identification Number (PIN), in a user-validation procedure 
to prevent operation (i.e. power-up) of the notebook computer 10 by an unauthorized user. (col. 2, 
lines 62-66) 

However, nothing in Rallis discloses signaling a token processor operation (invoked 
by accepting a command in a USB-compliant interface) via a user output device 
communicatively coupled to the token processor via a communication path distinct from the 
USB-compliant interface. Accordingly, the Applicants respectfully traverse the rejection of 
claim 86 as well. 

In paragraphs (28)-(29), the Office Action rejected claims 10-12, 26-28, 41-43, 51-52, 
58-59, 64, and 68-70 under 35 U.S.C. §103(a) as being unpatentable over Rallis. Applicants 
respectfully traverse these rejections. 

With Respect to Claims 10-12, 26-28, 41-43, and 68-70: Claim 10 recites that the 
user output device is a light emitting diode. The Office Action takes official notice that 
having a light emitting device is well known, "because it allows the user to know that activity 
is being performed on the device." However, whether LEDs are well known in the art or 
not, there is no teaching whatever in Rallis to add an output device at all, let alone use it to 
inform the user of activity performed on the device. Indeed, there is no reason why the user 
would want to know what activity is being performed in the key ... the Rallis "key" is simply 
used to unlock the notebook computer. Accordingly, the Applicants traverse the rejection 
of claim 10 as well as the "official notice" taken in rejecting this claim. 

Claims 26, 41, and 68 recite analogous features and are patentable for the same 
reasons. 

Claims 11, 27, 42, and 70 recite an aural device, and are patentable for the same 
reasons. 

Claims 12, 28, 43, and 69 recite an LCD display and are patentable for the same 
reasons. 

With Respect to Claim 64: Claim 64 recites that the processor operation invoked by 
the message received in the token via the USB-compliant interface comprises a digital 
signature operation using a private key stored in the memory. According to the Office 
Action, one of ordinary skill in the art would be motivated to use a digital signature 
operation since it would verify the sender. 

The Applicants respectfully traverse this rejection. The Rallis reference discloses a 
system wherein a notebook computer is unlocked using a key matching a PIN stored in the 
notebook. This itself "verifies the sender", and nothing more is required. The Rallis 
reference itself teaches the use of the matching PIN for authentication, and, hence, teaches 
away from the Applicants' invention. "A reference may be said to teach away when a person 
of ordinary skill, upon reading the reference, would be discouraged from following the path 
set out in the reference, or would be led in a direction divergent from the path that was 
taken by the Applicants. The degree of teaching away will of course depend on the 
particular facts; in general, a reference's disclosure will teach away if it suggests that the line 
of development flowing from the reference's disclosure is unlikely to be productive of the 
result sought by the Applicant." In re Gurley, 11 F.3d 551, 553, 31 U.S.P.Q.2d 1130 (Fed. Cir. 
1994). The Applicants therefore traverse the rejection of claim 64. 

With Respect to Claims 51-52 and 58-59: The Office Action indicates that it would 
be obvious to have a character input device that includes a wheel and an input position for 
each character. However, Rallis teaches that the PIN is entered via the notebook computer. 
Further, the only input devices envisioned by the Rallis reference are a fingerprint sensor and 
a switch to turn the IR embodiment on and transmit the serial number and encrypted key 
data. A character input device would hardly be an obvious substitution for either of these 
devices. Accordingly, the Applicants respectfully traverse the rejection of these claims as 
well. 

VI. DEPENDENT CLAIMS 

Dependent claims 2-17, 19-34, 36-48, 50-53, 55-60, 62-70, 72-76, 78-79, 81-85, 87-89 
incorporate the limitations of their related independent claims, and are therefore patentable 
on this basis. In addition, these claims recite novel elements even more remote from the 
cited references. Accordingly, the Applicants respectfully request that these claims be 
allowed as well. 


VII. CONCLUSION 

In view of the above, it is submitted that this application is now in good order for 
allowance and such allowance is respectfully solicited. Should the Examiner believe minor 
matters still remain that can be resolved in a telephone interview, the Examiner is urged to 
call Applicants' undersigned attorney. 

Respectfully submitted, 

GATES & COOPER LLP 
Attorneys for Applicant(s) 

Howard Hughes Center 
6701 Center Drive West, Suite 1050 
Los Angeles, California 90045 
(310) 641-8797 

Date: January 6, 2004 By: 

Name: Victor G. Cooper 
Reg. No.: 39,641 

VGC/amb 